Yet, the client shows the ownership of files based on the numerical uid/gid instead of mapping the user and group names. I have the same user names on both machines, but the uids are not the same. So when I ls -l the directory on the client, it shows the files as owned by a different user which shares the same uid as the intended user on the server.

1 Answer

The file looks correct, perhaps the idmapd daemon is not running on one of the machines (check with pgrep rpc.idmapd)?

Is the mount actually done with NFS4? Check the output of mount on the client.

It might be possible to block the idmapd daemon with the TCP wrapper. Do the files /etc/hosts.deny and /etc/hosts.allow exist and have any content?

Note that even if you get it to show the correct user names on the client, it will not work as you want. Whenever you try to access the files, the permission checking is done only with the numerical ids (without any translation between client and server). The translation is only done for the output of ls, not for the actual file accesses. So I guess you can stop trying at all, because this is probably not what you want.

The only solution for this is to sync the ids on client and server, or use Kerberos (which is very complex).

Thank you Philipp, I was hoping idmapd would take care of the user translation without syncing the IDs. Oh well. At least I know for next time. At this point it would probably be wise for me to set up an LDAP directory to share users across my servers.
– demersus Oct 29 '12 at 15:02
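Since the answer's fix is to sync the ids on client and server, the check below (an added example, not part of the original thread) compares passwd-format account data from both hosts and reports names whose uid differs, plus client users whose uid belongs to a different user on the server. The function names, the sample accounts and the `min_uid=1000` floor for regular users are assumptions made for illustration.

```python
# Added example: audit uid consistency between an NFS server and a client.
# Function names and the min_uid floor are assumptions, not from the thread.
def parse_passwd(text):
    """Return {name: uid} from passwd(5)-format text."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        # Skip blank, comment and malformed lines.
        if len(fields) < 4 or fields[0].startswith("#") or not fields[2].isdigit():
            continue
        accounts[fields[0]] = int(fields[2])
    return accounts


def compare_ids(server, client, min_uid=1000):
    """Return (mismatched, aliased) for accounts at or above min_uid."""
    mismatched = {}
    for name in sorted(server.keys() & client.keys()):
        if server[name] != client[name] and max(server[name], client[name]) >= min_uid:
            mismatched[name] = (server[name], client[name])
    server_by_uid = {uid: name for name, uid in server.items()}
    aliased = {}
    for name, uid in sorted(client.items()):
        owner = server_by_uid.get(uid)
        if uid >= min_uid and owner not in (None, name):
            aliased[name] = owner  # client user `name` gets `owner`'s file access
    return mismatched, aliased


# Constructed sample data (not taken from the original post).
SERVER_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
"""
CLIENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bob:x:1000:1000::/home/bob:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
carol:x:1002:1002::/home/carol:/bin/bash
"""

if __name__ == "__main__":
    mismatched, aliased = compare_ids(parse_passwd(SERVER_PASSWD), parse_passwd(CLIENT_PASSWD))
    for name, (s_uid, c_uid) in mismatched.items():
        print(f"{name}: uid {s_uid} on server, {c_uid} on client")
    for name, owner in aliased.items():
        print(f"client user {name} has the uid of server user {owner}")
```

On real hosts, feed it the output of `getent passwd` from each machine so that directory-backed accounts are included; the same comparison applies to `getent group` for gids.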